slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-10 02:26:35 +00:00

Author	SHA1	Message	Date
laurentsimon	73d1bcba98	fix: release failure (#697 ) Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-08-24 15:58:45 -07:00
Mend Renovate	b9a0e6babf	chore(deps): update github-actions (#686 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) \| action \| patch \| `v3.0.6` -> `v3.0.7` \| \| [actions/setup-node](https://togithub.com/actions/setup-node) \| action \| minor \| `v3.7.0` -> `v3.8.0` \| \| [github/codeql-action](https://togithub.com/github/codeql-action) \| action \| patch \| `v2.21.3` -> `v2.21.4` \| --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.0.7`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.7): 3.0.7 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.6...v3.0.7) #### What's Changed - Make GHES support / setup more clear by [@rajbos](https://togithub.com/rajbos) in [https://github.com/actions/dependency-review-action/pull/534](https://togithub.com/actions/dependency-review-action/pull/534) - Add an option to deny packages or groups of packages by [@adrienpessu](https://togithub.com/adrienpessu) in [https://github.com/actions/dependency-review-action/pull/544](https://togithub.com/actions/dependency-review-action/pull/544) #### New Contributors - [@rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/actions/dependency-review-action/pull/534](https://togithub.com/actions/dependency-review-action/pull/534) - [@adrienpessu](https://togithub.com/adrienpessu) made their first contribution in [https://github.com/actions/dependency-review-action/pull/544](https://togithub.com/actions/dependency-review-action/pull/544) Full Changelog: https://github.com/actions/dependency-review-action/compare/v3...v3.0.7 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.0`](https://togithub.com/actions/setup-node/releases/tag/v3.8.0) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.7.0...v3.8.0) #### What's Changed ##### Bug fixes: - Add check for existing paths by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/803](https://togithub.com/actions/setup-node/pull/803) - Resolve SymbolicLink by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/809](https://togithub.com/actions/setup-node/pull/809) - Change passing logic for cache input by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/816](https://togithub.com/actions/setup-node/pull/816) - Fix armv7 cache issue by [@louislam](https://togithub.com/louislam) in [https://github.com/actions/setup-node/pull/794](https://togithub.com/actions/setup-node/pull/794) - Update check-dist workflow name by [@sinchang](https://togithub.com/sinchang) in [https://github.com/actions/setup-node/pull/710](https://togithub.com/actions/setup-node/pull/710) ##### Feature implementations: - feat: handling the case where "node" is used for tool-versions file. by [@xytis](https://togithub.com/xytis) in [https://github.com/actions/setup-node/pull/812](https://togithub.com/actions/setup-node/pull/812) ##### Documentation changes: - Refer to semver package name in README.md by [@olleolleolle](https://togithub.com/olleolleolle) in [https://github.com/actions/setup-node/pull/808](https://togithub.com/actions/setup-node/pull/808) ##### Update dependencies: - Update toolkit cache to fix zstd by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/804](https://togithub.com/actions/setup-node/pull/804) - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/802](https://togithub.com/actions/setup-node/pull/802) - Bump semver from 6.1.2 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/807](https://togithub.com/actions/setup-node/pull/807) - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/815](https://togithub.com/actions/setup-node/pull/815) #### New Contributors - [@olleolleolle](https://togithub.com/olleolleolle) made their first contribution in [https://github.com/actions/setup-node/pull/808](https://togithub.com/actions/setup-node/pull/808) - [@louislam](https://togithub.com/louislam) made their first contribution in [https://github.com/actions/setup-node/pull/794](https://togithub.com/actions/setup-node/pull/794) - [@sinchang](https://togithub.com/sinchang) made their first contribution in [https://github.com/actions/setup-node/pull/710](https://togithub.com/actions/setup-node/pull/710) - [@xytis](https://togithub.com/xytis) made their first contribution in [https://github.com/actions/setup-node/pull/812](https://togithub.com/actions/setup-node/pull/812) Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) </details> --- ### Configuration 📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40MC4zIiwidXBkYXRlZEluVmVyIjoiMzYuNDAuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>	2023-08-14 22:44:36 +00:00
Mend Renovate	57e3f65b43	chore(deps): update github-actions (#666 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/setup-go](https://togithub.com/actions/setup-go) \| action \| minor \| `v4.0.1` -> `v4.1.0` \| \| [github/codeql-action](https://togithub.com/github/codeql-action) \| action \| minor \| `v2.20.4` -> `v2.21.3` \| \| [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) \| action \| minor \| `v1.7.0` -> `v1.8.0` \| --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v4.1.0`](https://togithub.com/actions/setup-go/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/setup-go/compare/v4.0.1...v4.1.0) ##### What's Changed In scope of this release, slow installation on Windows was fixed by [@dsame](https://togithub.com/dsame) in [https://github.com/actions/setup-go/pull/393](https://togithub.com/actions/setup-go/pull/393) and OS version was added to `primaryKey` for Ubuntu runners to avoid conflicts ([https://github.com/actions/setup-go/pull/383](https://togithub.com/actions/setup-go/pull/383)) This release also includes the following changes: - Remove implicit dependencies by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-go/pull/378](https://togithub.com/actions/setup-go/pull/378) - Update action.yml by [@mkelly](https://togithub.com/mkelly) in [https://github.com/actions/setup-go/pull/379](https://togithub.com/actions/setup-go/pull/379) - Added a description that go-version should be specified as a string type by [@n3xem](https://togithub.com/n3xem) in [https://github.com/actions/setup-go/pull/367](https://togithub.com/actions/setup-go/pull/367) - Add note about YAML parsing versions by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-go/pull/382](https://togithub.com/actions/setup-go/pull/382) - Automatic update of configuration files from 05/23/2023 by [@github-actions](https://togithub.com/github-actions) in [https://github.com/actions/setup-go/pull/377](https://togithub.com/actions/setup-go/pull/377) - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-go/pull/392](https://togithub.com/actions/setup-go/pull/392) - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-go/pull/397](https://togithub.com/actions/setup-go/pull/397) - Bump semver from 6.3.0 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-go/pull/396](https://togithub.com/actions/setup-go/pull/396) ##### New Contributors - [@mkelly](https://togithub.com/mkelly) made their first contribution in [https://github.com/actions/setup-go/pull/379](https://togithub.com/actions/setup-go/pull/379) - [@n3xem](https://togithub.com/n3xem) made their first contribution in [https://github.com/actions/setup-go/pull/367](https://togithub.com/actions/setup-go/pull/367) Full Changelog: https://github.com/actions/setup-go/compare/v4...v4.1.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) ### [`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2) ### [`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1) ### [`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0) </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.8.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v180) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0) Release \[v1.8.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0). ##### v1.8.0: Generic Generator - Added: A new [`base64-subjects-as-file`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.8.0/internal/builders/generic/README.md#workflow-inputs) was added to allow for specifying a large subject list. ##### v1.8.0: Node.js Builder (beta) - Fixed: Publishing for non-scoped packages was fixed (See [#2359](https://togithub.com/slsa-framework/slsa-github-generator/issues/2359)) - Fixed: Documentation was updated to clarify that the GitHub Actions `deployment` event is not supported. - Changed: The file extension for the generated provenance file was changed from `.sigstore` to `.build.slsa` in order to make it easier to identify provenance files regardless of file format. - Fixed: The publish action was fixed to address an issue with the package name when using Node 16. </details> --- ### Configuration 📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4xMS4wIiwidXBkYXRlZEluVmVyIjoiMzYuMjcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>	2023-08-09 08:24:24 +09:00
laurentsimon	9aa2319ef0	feat: Print byob builder (#677 ) closes https://github.com/slsa-framework/slsa-verifier/issues/672 --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-08-02 18:34:13 +00:00
Mend Renovate	59f6ba3e00	chore(deps): update github-actions (#651 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/setup-node](https://togithub.com/actions/setup-node) \| action \| minor \| `v3.6.0` -> `v3.7.0` \| \| [github/codeql-action](https://togithub.com/github/codeql-action) \| action \| minor \| `v2.3.6` -> `v2.20.4` \| \| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) \| action \| minor \| `v2.1.3` -> `v2.2.0` \| --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.7.0`](https://togithub.com/actions/setup-node/releases/tag/v3.7.0) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.6.0...v3.7.0) ##### What's Changed In scope of this release we added a logic to save an additional cache path for yarn 3 ([related pull request](https://togithub.com/actions/setup-node/pull/744) and [feature request](https://togithub.com/actions/setup-node/issues/325)). Moreover, we added functionality to use all the sub directories derived from `cache-dependency-path` input and add detect all dependencies directories to cache (related [pull request](https://togithub.com/actions/setup-node/pull/735) and [feature request](https://togithub.com/actions/setup-node/issues/488)). ##### Besides, we made such changes as: - Replace workflow badge with new badge by [@jongwooo](https://togithub.com/jongwooo) in [https://github.com/actions/setup-node/pull/653](https://togithub.com/actions/setup-node/pull/653) - Fix a minor typo by [@phanan](https://togithub.com/phanan) in [https://github.com/actions/setup-node/pull/662](https://togithub.com/actions/setup-node/pull/662) - docs: fix typo in advanced-usage.md by [@remarkablemark](https://togithub.com/remarkablemark) in [https://github.com/actions/setup-node/pull/697](https://togithub.com/actions/setup-node/pull/697) - bugfix: Don't attempt to use Windows fallbacks on non-Windows OSes by [@domdomegg](https://togithub.com/domdomegg) in [https://github.com/actions/setup-node/pull/718](https://togithub.com/actions/setup-node/pull/718) - Update to node 18.x by [@feelepxyz](https://togithub.com/feelepxyz) in [https://github.com/actions/setup-node/pull/751](https://togithub.com/actions/setup-node/pull/751) - Remove implicit dependencies by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/758](https://togithub.com/actions/setup-node/pull/758) - Fix description about ensuring workflow access to private package by [@x86chi](https://togithub.com/x86chi) in [https://github.com/actions/setup-node/pull/704](https://togithub.com/actions/setup-node/pull/704) ##### New Contributors - [@jongwooo](https://togithub.com/jongwooo) made their first contribution in [https://github.com/actions/setup-node/pull/653](https://togithub.com/actions/setup-node/pull/653) - [@phanan](https://togithub.com/phanan) made their first contribution in [https://github.com/actions/setup-node/pull/662](https://togithub.com/actions/setup-node/pull/662) - [@remarkablemark](https://togithub.com/remarkablemark) made their first contribution in [https://github.com/actions/setup-node/pull/697](https://togithub.com/actions/setup-node/pull/697) - [@domdomegg](https://togithub.com/domdomegg) made their first contribution in [https://github.com/actions/setup-node/pull/718](https://togithub.com/actions/setup-node/pull/718) - [@feelepxyz](https://togithub.com/feelepxyz) made their first contribution in [https://github.com/actions/setup-node/pull/751](https://togithub.com/actions/setup-node/pull/751) - [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) made their first contribution in [https://github.com/actions/setup-node/pull/758](https://togithub.com/actions/setup-node/pull/758) - [@x86chi](https://togithub.com/x86chi) made their first contribution in [https://github.com/actions/setup-node/pull/704](https://togithub.com/actions/setup-node/pull/704) Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.7.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4) ### [`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3) ### [`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2) ### [`v2.20.1`](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1) ### [`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@cynthia-sg](https://togithub.com/cynthia-sg) and [@tegioz](https://togithub.com/tegioz) at [CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](`08b4669551/README.md (scorecard-badge)`) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](`08b4669551/README.md (workflow-restrictions)`) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@pnacht](https://togithub.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@joycebrum](https://togithub.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@spencerschrock](https://togithub.com/spencerschrock) in #### New Contributors - [@bobcallaway](https://togithub.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140) - [@pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0 </details> --- ### Configuration 📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNDQuMiIsInVwZGF0ZWRJblZlciI6IjM2LjUuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>	2023-07-18 10:51:23 +09:00
Ian Lewis	e2b1828894	fix: pre-submit: e2e-cli.sh artifact download (#646 ) Updates #647 Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-06-29 10:05:12 -07:00
Ian Lewis	f025c630ac	refactor: Use Go 1.20 (#643 ) Fixes #589 --------- Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-06-26 10:49:52 +09:00
Mend Renovate	3ee6cee147	chore(deps): update github-actions (#607 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-06-12 09:44:31 +09:00
Ian Lewis	c39b10c4c9	fix: allow workflow_dispatch to trigger release.yml (#637 ) Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-06-08 22:49:25 +09:00
laurentsimon	bda35e0238	feat: BYOB verification support (#604 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-05-23 01:41:17 +00:00
Mend Renovate	52a48d18af	chore(deps): update github-actions (#597 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-05-15 04:05:12 +00:00
Mend Renovate	8da58c6c6d	chore(deps): update github/codeql-action action to v2.3.3 (#585 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-05-08 16:30:17 +00:00
Mend Renovate	515b41ca3f	chore(deps): update github/codeql-action action to v2.3.2 (#569 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-05-01 09:48:55 +09:00
Mend Renovate	e1ea1da472	chore(deps): update github-actions (#560 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-04-18 10:52:54 +09:00
Mend Renovate	9c3152fe9f	chore(deps): update github-actions (#544 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 02:09:29 +00:00
Ian Lewis	f96d91bdd2	fix: Support pre-releases on trusted repos (#552 ) Support pre-releases on trusted repos --------- Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-04-11 08:54:33 +09:00
asraa	b01cb9d69c	chore: report scheduled release workflow failures (#543 ) * chore: report scheduled release workflow failures Signed-off-by: Asra Ali <asraa@google.com> * fix: fix yamllint Signed-off-by: Asra Ali <asraa@google.com> * empty commit Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-03-24 23:40:49 +00:00
Mend Renovate	ed7976a0d4	chore(deps): update github-actions (#529 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-03-24 14:36:38 +00:00
Mend Renovate	c4400c7475	chore(deps): update github-actions (major) (#536 ) chore(deps): update github-actions Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-03-24 08:33:31 -05:00
Batuhan Apaydın	5c377787ec	feat: verification for provenance (#537 ) * verification for provenance Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * Fix linter warnings Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> --------- Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-03-21 19:11:35 -07:00
Ian Lewis	a1be080731	fix: Update references check (#533 ) Fix references check Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-03-17 09:54:07 -05:00
laurentsimon	20b06426ff	docs: update installation to cover the Action and to receive updates (#523 ) docs: update installation to cover the Action and to receive updates (#523) Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-03-10 15:46:04 -06:00
Mend Renovate	9f57e6add9	chore(deps): update github-actions (#502 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-03-06 00:48:50 +00:00
laurentsimon	82a12591ff	feat: npm default runner support (#495 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-03-02 21:53:29 +00:00
Mend Renovate	13b4c3e75b	chore(deps): update github/codeql-action action to v2.2.4 (#480 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-13 14:36:07 +00:00
Mend Renovate	9578b3838e	chore(deps): update github-actions (#460 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-01-30 05:33:14 -08:00
Pedro Nacht	5deacad765	ci: Ensure all version references are up-to-date prior to release (#447 ) * Create references.sh Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * WIP: check docs in pre-submits Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Clean up Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Fix based on comments Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add instructions to RELEASE.md Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Check references match version in PR body Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-01-27 23:12:37 +00:00
Mend Renovate	5eea7c5537	chore(deps): update github/codeql-action action to v2.1.39 (#452 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-01-25 15:59:45 +00:00
Mend Renovate	71e72f0a1f	chore(deps): update github/codeql-action action to v2.1.38 (#444 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-01-16 10:37:41 +09:00
Ian Lewis	1da39d7e06	ci: Add javascript to CodeQL analysis (#413 ) Signed-off-by: Ian Lewis <ianlewis@google.com> Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-01-11 10:21:11 -06:00
Mend Renovate	b06fbf5b04	chore(deps): update github-actions (#436 ) * chore(deps): update github-actions Signed-off-by: Renovate Bot <bot@renovateapp.com> * Use tag for actions/upload-artifact Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-01-09 15:28:47 +00:00
Shunsuke Suzuki	325f12aabf	chore: release assets for multiple platforms (#434 ) * chore: release assets for multiple platforms Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * ci: release assets for windows and macOS Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * ci: add configuration files for macOS and windows Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * ci: remove a workflow job `if-failed` This job is unneeded anymore. https://github.com/slsa-framework/slsa-verifier/pull/434#discussion_r1063427948 Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * ci: move configuration files to a directory `.slsa-goreleaser` Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-01-07 00:56:30 +00:00
Shunsuke Suzuki	a4d4074bf6	ci: fix a deprecation warning (#435 ) > args > The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>	2023-01-06 08:14:29 -06:00
Ian Lewis	452dcfac5f	ci: Add large file pre-submit check (#433 ) Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-01-06 09:29:13 +09:00
asraa	bad943298a	ci: add verifier e2e presubmit that runs CLI at main (#430 ) * ci: add verifier e2e presubmit that runs CLI at main Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-01-05 16:02:54 +00:00
Mend Renovate	652ec10cf9	chore(deps): update ossf/scorecard-action action to v2.1.2 (#417 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-01-03 20:16:07 +00:00
Mend Renovate	5fd4ee25c1	chore(deps): update github-actions (#414 ) Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-12-17 07:11:23 +00:00
Mend Renovate	b40d88c1e7	chore(deps): update github-actions (#384 ) Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-12-15 01:59:36 +00:00
Ian Lewis	f439833d5e	Add regression build tag (#400 ) Signed-off-by: Ian Lewis <ianlewis@google.com>	2022-12-15 01:25:04 +00:00
Ian Lewis	1dffc4b135	Use github.token to create issues (#412 ) Signed-off-by: Ian Lewis <ianlewis@google.com> Signed-off-by: Ian Lewis <ianlewis@google.com>	2022-12-14 17:09:42 -08:00
laurentsimon	f0aec773a6	update (#410 ) Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-14 14:34:54 -08:00
laurentsimon	41d551cd45	update (#408 ) Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-14 18:42:59 +00:00
laurentsimon	552cfc411d	fix: token permission in Installer scheduled tests (#407 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-14 10:02:28 -08:00
laurentsimon	b4257ed6bf	Update schedule.installer.yml (#404 ) Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-12-14 11:49:20 +09:00
laurentsimon	53b3aebdb9	feat: scheduled tests for installer Action (#398 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update .github/workflows/schedule.installer.yml Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-12-14 01:37:23 +00:00
laurentsimon	477ac0d88e	fix: show version in `version` command (#392 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-06 20:13:35 +00:00
asraa	128324f488	ci: add pr workflow to check pr title format (#372 ) * ci: add pr workflow to check pr title format Signed-off-by: Asra Ali <asraa@google.com>	2022-11-30 21:35:33 +00:00
Mend Renovate	7bebbb9e1f	chore(deps): update actions/dependency-review-action action to v3 (#358 ) Co-authored-by: asraa <asraa@google.com>	2022-11-29 15:15:51 +00:00
Mend Renovate	0ef57a2b08	chore(deps): update github-actions (#359 ) * chore(deps): update github-actions * Update release.yml Co-authored-by: asraa <asraa@google.com>	2022-11-28 18:02:24 +00:00
Ian Lewis	28b554f525	Add golangci-lint and yamllint (#365 ) * Add Makefile and yamllint config Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Add golangci-lint config Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Add golangci-lint config Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * add linters to pre-submit Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * add issue link to todos Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Fix whitespace issue Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com>	2022-11-28 10:19:59 +09:00

1 2 3

105 Commits